Fingerprinting Protection mode

[diracdeltas]

See https://github.com/brave/browser-laptop/wiki/Fingerprinting-Protection-Mode for overview; code at https://github.com/brave/browser-laptop/blob/master/app/extensions/brave/brave-default.js#L809.

Basically, if the fingerprinting block option is enabled (it's off by default), then Brave inserts a page script which stubs various DOM javascript methods that can be used to report unique user details (ex: HTMLCanvasElement.prototype.toDataUrl). Instead, when the page tries to call these methods, Brave sends a report to the background process that says which fingerprinting methods were blocked. This info is shown to the user in the Bravery panel.

[garvankeeley]

https://panopticlick.eff.org/. The canvas hash value should be 891f3debe00dbd3d1f0457a70d2f5213 and the webgl hash should be undetermined.

With fingerprinting protection on in UIWebView the browser fingerprinting test never completes to report a result.

To check that audiocontext fingerprinting protection is working, try https://audiofingerprint.openwpm.com/. The fingerprint values should be blank or all 0's.

This site works, and also has Canvas and Javascript Font Detection

[garvankeeley]

@diracdeltas is there a site other than panopticlick that just dumps the fingerprinting result table? EDIT: ignore ^^^, no doubt error in my native override is causing this

EDIT 2: code is fixed, hash is 891f3debe00 as expected.

[diracdeltas]

@garvankeeley cool! there's also https://www.browserleaks.com/canvas but it uses a sneakier iframe tracking method; see https://github.com/brave/browser-laptop/blob/master/app/extensions/brave/content/scripts/blockCanvasFingerprinting.js#L156

[garvankeeley]

Test sites:

• https://amiunique.org/fp
• https://www.browserleaks.com/canvas
  canvas creation in iframe should be blocked
• https://panopticlick.eff.org
  look for hash starting with 891f3debe
• https://audiofingerprint.openwpm.com/
  look for blank fingerprint values